Weekly Axis Of Easy #166
- Crypto derivatives platform BitMex hit with indictments, arrest
- Ontario cops misused COVID contact tracing database
- New phishing “worm” one of most effective Business Email Compromise attacks yet
- Hospitals paralyzed in largest healthcare ransomware attack ever
- Tokyo stock exchange outage halts trading for entire day
- 911 outage hits 14 US states
- How India censors the web
- Google Play will require all Android apps to use its billing system
- AxisOfEasy: It’s not Conspiracy. It’s Culture
Crypto derivatives platform BitMex hit with indictments, arrest
On Sept 2, the US DoJ and CFTC filed indictments against the crypto-currency derivatives platform BitMex and its three co-founders. One of them, CTO Samuel Reed, was arrested in Massachusetts, while CEO Arthur Hayes and Ben Delo were outside of the USA and remain “at large.”
BitMex incorporated in the Seychelles Islands in an effort to avoid US regulation; however, the indictments and corresponding civil complaints allege that the company still provided services to US citizens without undertaking proper KYC (Know Your Customer) and AML (Anti-Money Laundering) procedures, which made it, in the grand scheme of things, a money laundering operation.
Company spokesman and legal representatives maintain that the company denies any wrongdoing and will defend against the charges.
Coindesk’s “Breakdown” with NLW had crypto legal experts Stephen Palley and Preston Byrne on for a deep dive into the indictments, the background and what this means for Bitcoin, DeFi and the crypto space in general.
Ontario cops misused COVID contact tracing database
Two civil liberties groups in Canada have issued separate reports detailing how police in Ontario have misused a COVID contact tracing database to make queries unrelated to active calls. The Canadian Civil Liberties Association (CCLA) and the Canadian Constitution Foundation (CCF) have raised the alarm and objected to the database on the grounds that
“allowing police to access personal health records violated individuals’ constitutional rights to privacy and equality.”
The database, created pursuant to an emergency order in April that enabled police to obtain the names and addresses of Ontarians who had tested positive for COVID-19, was intended to protect first responders. Police conducted over 95,000 searches while it was active.
The CCF uncovered a memo issued by the Solicitor General to the province’s chiefs of police detailing “shocking misuse” of the system and singling out two police forces in particular, Thunder Bay and Durham County, and the group has lodged a complaint with Ontario’s Privacy Commissioner.
To their credit, Toronto Police Services declined to use the database at all due to “issues with the accuracy and reliability of the information,” while York Regional Police directed the province to rescind its access after an internal review sniffed out an elevated likelihood of a gigantic privacy sh*tstorm if they used it. Looks like a good call.
The memo: https://theccf.ca/wp-content/uploads/SolGen-2020-02163-records-1.pdf
New phishing “worm” one of most effective Business Email Compromise attacks yet
When it comes to cyber-criminals, they are always upping their game and raising the ante. This article details one secops engineer’s view of a phishing attack against his organization. While the attack didn’t fit the exact definition of a “worm,” which spreads without human aid, the dynamics of the attack were very worm-like.
In this case the attack spread by compromising an account, sifting through the emails in the compromised mailbox to locate conversations with multiple recipients, and then using reply-to-all to follow up on those conversations, directing everyone to follow a link to a spearphishing URL that would compromise the next round of infectees.
The viral responses would arrive in victims’ mailboxes and
“gave every email an inherited sense of trust. ‘You asked for this thing, here it is: link to phishing page.’”
The secops team was able to isolate a pattern in the attacker URL to filter at their network edge, and then enabled two-factor authentication for anybody who did not already have it enabled.
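The worm-like pattern described above (one account replying to many existing multi-recipient threads in a short burst, each reply carrying a link to the same external host) is something mail-flow telemetry can surface. The detection below is an added example, not code from the article or the secops team; the log record shape, the corp.example addresses and the lure host are all constructed placeholders. It also returns the common host, which is the kind of URL pattern the team filtered on at the edge.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlparse

def rec(ts, sender, thread, n_to, url):
    """Constructed outbound-mail record (hypothetical log shape, not from the article)."""
    return {"ts": ts, "from": sender, "in_reply_to": thread,
            "to": [f"user{i}@corp.example" for i in range(n_to)],
            "urls": [url] if url else []}

LURE = "https://files.example-docs.net/share/"   # constructed lure host, placeholder only
SAMPLE_MAIL = [
    rec("2020-09-28T09:00:00", "alice@corp.example", "t1", 3, LURE + "a"),
    rec("2020-09-28T09:01:10", "alice@corp.example", "t2", 2, LURE + "b"),
    rec("2020-09-28T09:02:30", "alice@corp.example", "t3", 4, LURE + "c"),
    rec("2020-09-28T09:04:00", "alice@corp.example", "t4", 2, LURE + "d"),
    rec("2020-09-28T09:05:00", "bob@corp.example", "t5", 2, "https://wiki.corp.example/p/1"),
    rec("2020-09-28T09:06:00", "carol@corp.example", "t6", 3, LURE + "e"),   # three replies, but
    rec("2020-09-28T11:00:00", "carol@corp.example", "t7", 3, LURE + "f"),   # spread over hours
    rec("2020-09-28T13:00:00", "carol@corp.example", "t8", 3, LURE + "g"),
    rec("2020-09-28T09:07:00", "dave@corp.example", None, 5, LURE + "h"),    # not a reply
]

def reply_all_link_bursts(records, window=timedelta(minutes=10), min_threads=3):
    """Flag senders that reply to >= min_threads distinct multi-recipient threads within
    `window`, each reply linking to the same external host. Returns {sender: (host, threads)};
    `host` is the URL pattern an edge filter could be built on."""
    candidates = defaultdict(list)
    for r in records:
        if r["in_reply_to"] and len(r["to"]) >= 2 and r["urls"]:
            candidates[r["from"]].append(r)
    alerts = {}
    for sender, msgs in candidates.items():
        msgs.sort(key=lambda r: r["ts"])
        for i, first in enumerate(msgs):
            t0 = datetime.fromisoformat(first["ts"])
            threads_by_host = defaultdict(set)
            for m in msgs[i:]:
                if datetime.fromisoformat(m["ts"]) - t0 > window:
                    break
                for u in m["urls"]:
                    threads_by_host[urlparse(u).hostname].add(m["in_reply_to"])
            hit = [(h, sorted(t)) for h, t in threads_by_host.items() if len(t) >= min_threads]
            if hit:
                alerts[sender] = max(hit, key=lambda x: len(x[1]))
                break                                  # first window that trips is enough
    return alerts

if __name__ == "__main__":
    print(reply_all_link_bursts(SAMPLE_MAIL))
```

Only alice trips the rule: bob sent a single reply, carol's replies are hours apart and dave's message is a fresh send rather than a reply to an existing thread.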
Hospitals paralyzed in largest healthcare ransomware attack ever
In what is being called possibly the largest healthcare-related ransomware attack ever, computer systems within Universal Health Services, a company that runs approximately 400 hospitals, began shutting down over the weekend of Sept 26th. Recall that AoE 164 reported on how a ransomware attack on a hospital in Germany resulted in the first known fatality caused by this type of attack.
In this case the hospitals were able to continue operating by falling back to manual methods of paperwork, but the primary failure mode seems to be around the medication systems, which are all online.
Tokyo stock exchange outage halts trading for entire day
On Thursday Oct 1st the Tokyo Stock Exchange suffered a hardware failure that took the bourse down completely for the entire day. It was the first complete failure and full day of missed trading since it switched over to 100% electronic trading in 1999. The TSE, the world’s 3rd largest stock exchange in terms of trading volume, ascribed the outage to a hardware failure in its “Arrowhead” facility, combined with an inability to switch over to its backup systems.
Overall I find the myopic quality of the reporting on this incident quite telling:
“‘The timing is really just bad,’ said Takashi Hiroki, chief strategist at brokerage Monex in Tokyo, adding that many market participants had been hoping to buy back their stocks or increase their holdings after an overnight rise in U.S. markets.”
Which just goes to show how saturated so-called “investing” is with a short-term, immediate-price-movement mentality instead of a long-term, “ownership in a business” mentality. As Warren Buffett has said in the past, “you should own companies where you would be ok with holding them if the markets closed down tomorrow and didn’t open again for 10 years”. I don’t think today’s traders could handle the markets being closed for 10 days.
911 outage hits 14 US states
And another outage, this time hitting the emergency 911 service across 14 US states including Arizona, California, Colorado, Delaware, Florida, Illinois, Indiana, Minnesota, Nevada, North Carolina, North Dakota, Ohio, Pennsylvania and Washington.
It happened last Monday (Sept 28th) and the original speculation was that it was related to a widespread Microsoft Azure outage happening at the same time. Suspicion then moved on to a couple of vendors that handle e911 calls for large parts of the US, and eventually zeroed in on one of those providers, Intrado, who in turn blamed one of their service providers but didn’t specify who it was or the root cause.
KrebsOnSecurity thinks that service provider was another 911 provider called Lumen, whose system status page indicated a complete failure across all systems for the time in question. Lumen, for their part, blames Intrado.
Both companies have had issues in the past; Intrado, for its part, has paid multiple fines and settlements over prior outages.
How India censors the web
This report, from back in January (updated in April), from India’s Centre for Internet and Society looks at how web censorship is being implemented across that country’s various ISPs.
In technical terms, they found that different ISPs were using different combinations of censorship methods, namely DNS-based blocking, HTTP blocking, or, in the case of HTTPS traffic, SNI inspection (SNI, or Server Name Indication, signals to a web server which website an HTTPS request is destined for).
The data set of blocked sites was compiled from government orders (some of which were sealed but leaked), court orders, and crowdsourced from user reports via India’s Internet Freedom Foundation.
The results showed that different ISPs have vastly differing block lists and methodologies; in one case one ISP (ACT) was blocking roughly double the number of sites of another ISP (Airtel), leading the study to surmise that there was no uniformity in ISP compliance with blocking or unblocking orders from government or courts.
The result is that Indian citizens’ experience of web censorship varies widely across the country.
Google Play will require all Android apps to use its billing system
In a move reminiscent of Apple’s recent battle with software developers such as Epic Games (as reported in AxisOfEasy 161), Google seems to be setting itself up for something similar in the future.
The company has announced that starting next year, all apps in the Google Play store that sell digital services via their apps will have to use Google’s billing system for In-App Purchases. The new policy goes into effect September 2021 to allow developers time to adapt.
AxisOfEasy: It’s not Conspiracy. It’s Culture
Last week on the AxisOfEasy Salon #24, Jesse, Charles and I talked about the attention economy and how, when we make analogies about some weird bizarroverse somewhere, it never occurs to us that we may be that bizarroverse.
Check it out here: https://axisofeasy.com/podcast/salon-24-its-not-a-conspiracy-its-a-culture/